[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#51586: Please Reopen 51586 ("secure" mode in dvips should be the default)

From: eichin@thok.org
Subject: Re:
Date: 20

> I hope you don't mind my bringing this to the attention of a wider
> audience (security@debian.org in particular), I think they might have
> more clear arguments as to why dvips -R should be the default (or not,
> and if not, they're probably more likely to convince me to drop the
> issue :-)

No, I do not mind at all, I wish to clarify the problem.

> > By the way it is described in dvips info like follows; ...
> > or whatever is appropriate.  This feature can be disabled with the `-R'
> > command-line option or `R' configuration option.
> When I submitted the report, I think the configuration option was new,
> and the place I'd heard about the issue had actually changed the
> code.  Changing the debian version of the config file is probably
> a reasonable approach.  I don't recall if I'd checked the redhat
> installation at the time for comparison.

Well I doubt that `R' configuration option disables the feature
because `R' is used to set Resolution of PK fonts as far as I know.

It seems the statement of info is wrong, does anyone know about
this? (another bug?)

> It means that if I send someone a DVI file, and they view it with xdvi
> it looks ok (because xdvi ignores most \specials) but if I have a
> \special that says "rm -rf $HOME", and they go to print it, kaboom.

Thanks for your explanation.  I understand that this is really

Regards,			2000.5.21

 Debian JP Developer - much more I18N of Debian
 Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
 Department of Math., Tokushima Univ.

Reply to: